package com.guo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;

import java.util.UUID;

/**
 * @Author ghg
 * @Date 2025/09/25 16:01
 * @Version 1.0
 */
@Configuration
public class AuthorizationServerConfig {

	// 配置客户端（可以从数据库加载，这里用内存演示）
	@Bean
	public RegisteredClientRepository registeredClientRepository() {
		RegisteredClient ssoClient = RegisteredClient.withId(UUID.randomUUID().toString())
				.clientId("sso-client-demo") // 客户端ID
				.clientSecret("{noop}client-secret") // 客户端密钥，{noop}表示明文，生产环境请用BCrypt
				.clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
				.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) // 授权码模式
				.authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN) // 刷新令牌
				.redirectUri("http://127.0.0.1:8080/login/oauth2/code/sso-client") // 重定向URI
				.scope("openid") // 开放ID连接基本范围
				.scope("profile") // 用户个人信息范围
				.clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build())
				.build();
		return new InMemoryRegisteredClientRepository(ssoClient);
	}

	@Bean
	public AuthorizationServerSettings authorizationServerSettings() {
		return AuthorizationServerSettings.builder().issuer("http://localhost:9000").build();
	}
}
